guelfoweb / peframe

PEframe is an open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.

Just a suggestion #1

Closed evilsocket closed 10 years ago

evilsocket commented 10 years ago

Hi there ... I saw you use O(n) algorithms to search for known anti-VM patterns (and generally speaking for known patterns from userdb) ... no need to say, if you plan to make your db bigger (and more updated) this is gonna be SLOW, especially with big PE files (i.e. little executable code with a big .rsrc section). It would be a better approach to use the Aho-Corasick algorithm, which is perfect in such circumstances ... you can find a Python implementation here, unless you are familiar with finite state automata, trie data structures, etc. and you want to implement your own (which I guarantee is quite fun to do :) ).
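
As an added illustration of the point made in the comment above (this is example code, not code from the PEframe project or from either participant), here is a minimal Aho-Corasick byte matcher in Python placed next to the naive one-`find()`-per-pattern scan it replaces. The signature table and the "PE" buffer are constructed for the example: the `mov eax, 0x564D5868` encoding (the VMware backdoor magic "VMXh") and the Red Pill `sidt` stub are real, well-known byte sequences, while the other two entries are made-up stand-ins. Naive scanning costs roughly len(db) passes over the whole file, so a large .rsrc section is paid for once per pattern; the automaton walks the file once regardless of how many patterns are loaded and still reports overlapping matches through its failure links.

```python
from collections import deque

# Constructed sample signature table standing in for a userdb of anti-VM
# patterns. The first two are real, well-known byte sequences; the last two
# are made-up stand-ins used only to exercise the matcher.
PATTERNS = {
    b"\xb8\x68\x58\x4d\x56": "mov eax, 0x564D5868 (VMware backdoor magic 'VMXh')",
    b"\x0f\x01\x0d\x00\x00\x00\x00\xc3": "sidt [imm32]; ret (Red Pill stub)",
    b"\xed\x0f\x01\x0d": "in eax, dx followed by sidt (illustrative, overlaps Red Pill)",
    b"VBoxGuest": "VirtualBox driver name (illustrative string)",
}


class AhoCorasick:
    """Multi-pattern byte matcher: build once, then scan any buffer in O(n + hits)."""

    def __init__(self, patterns):
        self.goto = [{}]   # goto[node][byte] -> child node; node 0 is the root
        self.fail = [0]    # failure link per node
        self.out = [[]]    # patterns ending at this node (own plus inherited via failure links)
        for pat in patterns:
            self._add(pat)
        self._build_failure_links()

    def _add(self, pat):
        node = 0
        for b in pat:
            if b not in self.goto[node]:
                self.goto[node][b] = len(self.goto)
                self.goto.append({})
                self.fail.append(0)
                self.out.append([])
            node = self.goto[node][b]
        self.out[node].append(pat)

    def _build_failure_links(self):
        # Breadth-first over the trie: a node's failure target is always shallower,
        # so it is fully resolved before any node that depends on it is processed.
        queue = deque(self.goto[0].values())   # depth-1 nodes keep fail = root
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                # Inherit the failure target's outputs so suffix/overlapping matches are reported.
                self.out[s] = self.out[s] + self.out[self.fail[s]]
                queue.append(s)

    def search(self, data):
        """Return (offset, pattern) for every occurrence, ordered by where the match ends."""
        hits = []
        node = 0
        for i, b in enumerate(data):
            while node and b not in self.goto[node]:
                node = self.fail[node]
            node = self.goto[node].get(b, 0)
            for pat in self.out[node]:
                hits.append((i - len(pat) + 1, pat))
        return hits


def naive_search(data, patterns):
    """One bytes.find() loop per pattern: cost grows with len(patterns) * len(data)."""
    hits = []
    for pat in patterns:
        start = 0
        while (idx := data.find(pat, start)) != -1:
            hits.append((idx, pat))
            start = idx + 1
    return sorted(hits)


def build_sample():
    """Constructed stand-in for a PE: a tiny code stub followed by a large .rsrc-like filler."""
    code = (b"\x55\x8b\xec"                        # push ebp; mov ebp, esp
            + b"\xb8\x68\x58\x4d\x56"               # mov eax, 0x564D5868
            + b"\xba\x58\x56\x00\x00"               # mov edx, 0x5658 ('VX' I/O port)
            + b"\xed"                               # in eax, dx
            + b"\x0f\x01\x0d\x00\x00\x00\x00\xc3")  # sidt [0]; ret
    rsrc = b"\x00" * 200_000 + b"VBoxGuest" + b"\x00" * 50_000
    return code + rsrc


def scan(data, patterns=PATTERNS):
    """Scan the buffer once and map each hit to its signature description."""
    ac = AhoCorasick(patterns)
    return [(off, patterns[pat]) for off, pat in ac.search(data)]


if __name__ == "__main__":
    sample = build_sample()
    for off, desc in scan(sample):
        print(f"0x{off:08x}  {desc}")
```

Both scanners return the same hit list on the sample; the difference is that `naive_search` re-reads the 250 KB filler once per signature, while `AhoCorasick.search` reads it once. The automaton is built once per signature database and reused across files, which is the usage that pays off when the userdb grows.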

guelfoweb commented 10 years ago

Sure! Besides anti-VM, I think it would be more suitable for the PEiD patterns I'm reading ... You've just opened a new world :)

evilsocket commented 10 years ago

:+1: